Using Cognito to authenticate API Gateway

I am taking a Coursera class called "Building Modern Python Applications AWS"

I am going through the videos and exercises, and while I understand everything conceptually, unfortunately there have been so many changes in the User Interface in AWS, that the instructions are already very out of date after just two years.

This is the exercise I've been following along, which should allow me to set up Cognito and use it to authenticate my "dragons" resource in API Gateway.

https://aws-tc-largeobjects.s3.amazonaws.com/DEV-AWS-MO-BuildingRedux/exercise-3-cognito.html

Essentially the instructions are to set up a Cognito User Pool, configure API Gateway to use the user pool for authentication, and ensure that the S3 hosted website allows you to log in through Cognito.

After trying to follow along and do as much as I can, there are at least two issues I can't seem to solve, despite trying to troubleshoot myself.

First, in API Gateway, when I go to test the get method without adding an authorization token in the header, I will still get a response body, even though I should get an authorization error.

Second, on the dragons website, after I add my own Dragons Endpoint, Cognito Domain, and Cognito Client ID, when I try to log in, I will get an error:

This site can’t be reached Check if there is a typo in https. If spelling is correct, try running Connectivity Diagnostics. DNS_PROBE_FINISHED_NXDOMAIN

This is a little frustrating because this class is taught by AWS employees, and I would think they would keep the instructions up to date for learning.

1 Answer

Hi, for the first question you are asking:

when I go to test the get method without adding an authorization token in the header, I will still get a response body, even though I should get an authorization error.

If you test the API from the test interface, the Cognito authentication is not required. You should deploy your API and then try to call it from an external client. In that case you will see that the authentication mechanism is actually working.

For the second question:

Second, on the dragons website, after I add my own Dragons Endpoint, Cognito Domain, and Cognito Client ID, when I try to log in, I will get an error: This site can’t be reached Check if there is a typo in https. If spelling is correct, try running Connectivity Diagnostics. DNS_PROBE_FINISHED_NXDOMAIN

Can you try to better explain the architecture that you are actually building? The issue that you are facing is related to DNS, so it's probable that the domain that you are trying to reach does not exist. Since you are using HTTPS, did you set up some certifications? Is it possible that your website is only running on HTTP?

AWS
answered 2 years ago
  • Hi, after a bit, I figured out what was going on. For the second question, I found out that the page was adding an extra "http://" to the string before sending it off to be validated. I took that out and it worked properly.
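
The doubled-scheme problem described in the comment above, as an added example that is not part of the original thread or the course's code: when a page prefixes a scheme to a Cognito domain that already has one, the browser resolves the literal host `https`, which matches the "typo in https" NXDOMAIN error. The function names, the sample domain and client ID, and the use of `response_type=token` are assumptions made for illustration.

```javascript
// Added example: all names and sample values are constructed for illustration.

// Naive construction: blindly prefixes a scheme to whatever the user pasted.
function naiveLoginUrl(domainInput, clientId, redirectUri) {
  return "https://" + domainInput + "/login?response_type=token&client_id=" +
    clientId + "&redirect_uri=" + redirectUri;
}

// Reduce user input to a bare host name: drop whitespace, any (repeated)
// scheme prefix, and anything from the first path/query/fragment character.
function normalizeCognitoDomain(domainInput) {
  const schemePrefix = /^[a-z][a-z0-9+.-]*:\/\//i;
  let host = domainInput.trim();
  while (schemePrefix.test(host)) {
    host = host.replace(schemePrefix, "");
  }
  host = host.split(/[/?#]/)[0].toLowerCase();
  // Accept only a plain DNS name made of letter/digit/hyphen labels.
  const dnsName = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$/;
  if (!dnsName.test(host)) {
    throw new Error("Not a valid Cognito domain: " + JSON.stringify(domainInput));
  }
  return host;
}

// Build the hosted UI login URL with properly encoded query parameters.
function buildLoginUrl(domainInput, clientId, redirectUri) {
  const url = new URL("https://" + normalizeCognitoDomain(domainInput) + "/login");
  url.searchParams.set("response_type", "token");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  return url.toString();
}

// The host name the browser will actually try to resolve for a URL string.
function resolvedHost(urlString) {
  return new URL(urlString).hostname;
}
```

Comparing `resolvedHost(naiveLoginUrl(...))` with `resolvedHost(buildLoginUrl(...))` for the same pasted value shows the difference without opening a browser.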
